The discussion below is merely provided for general background information and is not intended to be used as an aid in determining the scope of the claimed matter.
With the proliferation of the Internet, host systems can provide their services to numerous client systems, where both host and client systems are distributed throughout the world. Once a proper connection is established, information can flow freely between a host system and a client system.
For example, in a conventional distributed network a plurality of host systems or servers are in communication with a plurality of client systems via a network or a collection of networks, e.g., the Internet. The architecture of such a distributed network is a source of strength (e.g., enabling free flow of information between numerous systems) and a source of vulnerability (e.g., creating vulnerabilities to malicious attacks.
Specifically, when a client system attempts to establish a connection, e.g., a TCP (Transmission Control Protocol) connection, to a host system, the client and host exchange a set sequence of messages or packets. This general approach applies to all TCP connections: Web, telnet, email and so on. When the connection is set up, the client system may send requests to the host system, e.g. for content.
In order to prevent or reduce malicious actions of client system on host systems, firewalls are commonly known. A firewall is a dedicated appliance or software which inspects network traffic passing through it, and denies or permits passage based on a set of rules.
There are several classifications of firewalls depending on where the communication is taking place, where the communication is intercepted and the state that is being traced. Network layer firewalls, also called packet filters, operate at a relatively low level of the TCP/IP protocol stack, not allowing packets to pass through the firewall unless they match the established rule set. These firewalls filter traffic based on packet attributes. The firewall administrator may define the rules; or default rules may apply. Network layer firewalls generally fall into two sub-categories. A stateful firewall is a firewall that keeps track of the state of network connections (such as TCP streams, UDP communication) traveling across it. The firewall is programmed to distinguish legitimate packets for different types of connections. Only packets matching a known connection state will be allowed by the firewall, while other packets will be rejected. Stateless firewalls have packetfiltering capabilities, but cannot make more complex decisions on what stage communications between hosts have reached.
Application-layer firewalls work on the application level of the TCP/IP stack (i.e., all browser traffic, or all telnet or ftp traffic), and may intercept all packets traveling to or from an application. In principle, application firewalls can prevent all unwanted outside traffic from reaching protected machines. These firewalls inspect packets for improper content. An XML firewall exemplifies a recent kind of application-layer firewall. An example of such a firewall is provided by EP 1 296 252.
The network layer firewalls are disadvantageous in that complicated rule sets must be set up and maintained. On the other hand, the application-layer firewalls are disadvantageous in that the screening of the content of the packets requires a considerable amount of resources and/or may take a significant amount of time.
There is a need in the art for an improved security system capable of e.g. saving resources.